OSX has functionality not available in the iOS SDK, and occasionally I'll find an answer like this one: no route.h on the iPhone SDK, that says "just copy the header file from the Simulator (or OSX) SDK and it'll work fine."
That seems suspect to me on multiple levels, including App Store approval, but then I read something like this from an Apple employee who says "if you're using sys/route.h declarations on iOS for an App Store app, please get in touch with me...", which sounds like tacit approval (or a ruse to catch misbehavior :)
Anyone know where the official line really is, and whether something like this is at all safe to do in production code? I'm particularly interested in lower-level BSD functions and whatnot for portability, as opposed to undocumented Objective-C methods.
I would not regard that comment on the Apple forums as tacit approval. It sounds like they're just trying to decide if some additional BSD APIs should be added for use in iOS apps.
In general, if there isn't an iOS header available for a function, then it's considered a Private API (for example, something under https://developer.apple.com/library/ios/). The official policy on Private APIs is that they're not to be used in apps distributed through the App Store.
Now, you can certainly use them for personal/hobby apps, or apps that you deploy in-house (Enterprise Distribution).
If the APIs you're talking about are APIs that are publically documented for OS X, and you can get them to work for iOS by copying headers, then they're probably part of the Darwin source base. It's very likely that they'll continue to function in future versions of iOS, although that's not guaranteed. Of course, nothing is guaranteed (really), as public APIs get deprecated, too.
Then, there's the issue that not all review checks are automated (I don't work for Apple, but can deduce this from things I've seen get through review). It isn't that unusual for apps to be approved with Private API usage, although if they get popular, Apple frequently pulls those apps from the store within a couple weeks. The review process isn't perfect.
So, my answer is that if you're submitting to the app store, don't expect copying in headers to work.
P.S. If you can tell us specifically which BSD function you're referring to, we might be able to give you a better answer.
P.P.S. The answer you link to about Route.h is from Grant Paul, who writes quite a bit of non-App Store software.
Additional useful information on Private APIs and the App Store
Apple never knows what header files you use - the danger of course is the definition from the copied file is close to, but not exactly, what iOS uses. If this file is important, or a few select files, post a question on Apple's internal forums and you will surely get an answer to such a question. Failing that, burn a DTS incident (you get two a year, I almost never use mine).
Related
I've been struggling to find how I could potentially implement a simple (iOS) app that would be able to block all connections to a specific domain (to prevent the user from accessing a specific social media platform for example, even from another app).
The information that I have found so far is that I should probably create a Packet Tunnel Provider within a Network Extension and ask the user to add VPN configurations, but I haven't found any example code that would show exactly how to implement this.
Do you have any idea how I could do that in a simple way (block all connections to a specific domain)? Is there a framework/library that I could use to do it easily?
Thank you!
Well, it would not be easy, but you can do it.
Sample code from Apple could be found here and here. This project is for iOS, but it may be on deprecated Swift version, so you will need to do some work to launch it now.
The part you are interested in the SimpleTunnel sample is FilterDataProvider and FilterControlProvider, other things you can omit, because the purpose of this sample is to demonstrate a lot of abilities.
There is also a sample for macOS that is more focused on your needs, and macOS SDK is alike to iOS, but less powerful.
You may want to see this video to sort things up in mind.
There are a lot of firewalls solutions for ios and mac, and some of them are opensource
The part you are interested in the SimpleTunnel sample is FilterDataProvider and FilterControlProvider, other things you can omit, because the purpose of this sample is to demonstrate a lot of abilities.
You will need a developer account, a network extension capability assigned to an application identity, and proper network extension entitlement file a to run things up.
There is a way to sign it manually for development without account&capability, but to distribute you will need it anyway.
For some restrictions you may be needed to install MDM profile on the device.
Working towards security is critical for any project. Currently looking towards integration of an third party SDK into my iOS App. However before that I would like to thoroughly analyse and scrutinize the SDK.
Some of the checkpoints are -
Pasteboard Analysis
Use of private API's banned by Apple e.g
CTTelephonyNetworkInfo
Database encryption (if any is created by the SDK)
What I looking for as an answer here is the way I can achieve the above plus any other things that I should look for.
I know the question might sound off the topic or rather like a discussion, but a checklist like this can turn out to be very important for all developers out there.
So I was able to check a simple checklist for this. However, I believe this answer would get out of date rather sooner. Still I will share what I should.
Pasteboard analysis - This is to check if the SDK copies anything on
the public pasteboard. As this is shared across all apps, it could
lead to vulnerability.
Persistent Data - Add the SDK to the app and check if it creates any
persistent storage like .sqlite file. Check the contents of this file
to understand what is being stored and if this information is
sensitive in any way.
UserPreferences - NSUserPreferences can be extensively used in any
SDK, this can rather lead to data being stored into simple text
format.
Private API usage - An SDK can use private iOS API's with help of methods like NSClassFromString and NSSelectorFromString. The usage for such API's is banned by Apple and can lead to rejection in review.
One can closely follow the following post. It would help to understand how to take a class dump. Check for hardcoded strings. Specially usage of Hopper Disassembler turned out helpful for me.
This may seem like an odd question, but I'm in the middle of creating an iOS app, and was wondering if there is a way to, in the future, roll out changes to the app without requiring all of the users to download an update.
I've noticed that Snapchat can do this with their filters - new filters are added regularly, without me updating the app.
I've read into 'Cloud code', something Parse had that apparently let you accomplish this. Obviously that's no longer an option.
Also, do Apple even allow this? Seeing as they need to approve every app before letting it onto the App Store, it would seem like they would need to approve any changes first too.
I've thought of strange things like storing a function in a database, then getting the app to download that function and run it - naturally if I were to now change the function in the database, it would change on all users devices instantly. Just how ridiculous is that idea? Thanks!
Depends on how much flexibility you want.
For example, Spotify does this for UI mainly - backend-driven UI, as they call it. They send a kind of layout from the server and convert it to a real iOS layout, based of a predefined mapping. You can find pretty more details in the Spotify's presentation.
Slides: http://www.slideshare.net/JohnSundell/backenddriven-native-uis
Video (more details): http://www.downvids.net/backend-driven-native-uis-john-sundell-and-diego-cristina-ca--777281.html
So actions can also be divided in similar pieces and abstractions, received from the server and interpreted - sort of scripting is needed. You can't compile and run arbitrary functions on the fly.
Hope it'll give you some ideas you can think of.
See Apple's app store review guidelines: https://developer.apple.com/app-store/review/guidelines/ section 2.4.5 (iv). Apps are not supposed to download code or resources to add functionality or significantly change the app from what Apple sees during the review process. And executable memory isn't even writable by sandboxed apps, which makes downloading compiled functions fairly useless. But downloading Javascript that complies with the above guidelines seems to be allowed.
Is it possible to create an API inside an iOS app to let 3rd party developers create app add-on that are downloadable for users inside the app?
I could not find any ressources for this topic online.
I think that's going to go against the app store guidelines if your intention is that the 3rd party developers write code, which will be downloaded and executed.
There's something of a grey area between legitimate uses and illegitimate uses of downloaded code:
Legitimate Example 1: Something like Hopscotch where children are creating simple fun shared games. These can be considered user generated content.
Legitimate Example 2: A game which is driven by scripts allows for the run-time downloading of patches to fix bugs in the scripts or even to add new levels. I believe such usages have been rejected occasionally in the past, but are generally accepted these days.
The relevant guideline from the guidelines is (emphasis mine):
2.5.2 Apps should be self-contained in their bundles, and may not read or write data outside the designated container area, nor may they download, install, or execute code, including other iOS, watchOS, Mac OS X, or tvOS apps.
And the all-encompassing:
We will reject apps for any content or behavior that we believe is over the line. What line, you ask? Well, as a Supreme Court Justice once said, "I'll know it when I see it". And we think that you will also know it when you cross it.
If your idea is to create some sort of app-store within your app-store app, then I would abandon it immediately, because that's going to be way over Apple's line.
That said, you haven't given much detail about your app, so I might have made wrong assumptions about where you're thinking of going.
Does Apple allow the usage of sysctl.h within iOS applications?
PS: App Scanner, a third party tool that checks code for possible private-API usage seems to think it's okay.
Note:
There is one more question like this : How can I know if I'm using private frameworks?
With the usual disclaimer that nobody can tell you what a reviewer will do, I can say for sure that there are apps in the store that use sysctl functions.
(Minor point: Simply including a header isn't a problem since symbols there shouldn't be visible in your app unless they're used...it's the things you use that might get flagged rather than what's included.)